package com.spring.security.web.filter;

import com.spera.shopoa.util.ShopOaSessionUtil;
import com.spring.security.web.model.User;
import com.spring.security.web.service.UserService;

import org.apache.log4j.Logger;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import javax.annotation.Resource;

/**
 * Created by wojunyu on 2015/7/11.
 * 可以把Realm看成DataSource，即安全数据源
 */
public class MyRealm extends AuthorizingRealm {
    static Logger logger = Logger.getLogger (AuthorizingRealm.class.getName ());
    @Resource
    private UserService userService ;

    /**授权信息**/
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
//        info.addStringPermission("user");//添加权限
//        info.addRole("");//添加角色
        
        logger.info("---->sqxx");
        if(true){
            return info;
        }
        return null;
    }

    /*认证信息*/
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        logger.info("---->rzxx");
//        AccountManager
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        String userName = token.getUsername();
        User user= userService.selectByUsername(userName);
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user.getUsername(), user.getPassword(), getName());
        if(user != null){
            return info;
        }
        return null;
    }


}
